Approval for a devscripts t-p-u upload
Hi,

#508111 highlighted a bug in debsign where a temporary file was
generated with a predictable filename due to an incorrect mktemp(1)
call.

Whilst it doesn't appear that it can be used to overwrite files, if a
file of the same name from an earlier attempt to sign the same file (for
instance because the first attempt failed during a gpg call) exists then
debsign will block forever as mktemp will never return.

The bug was introduced a little while before the freeze and given the
size of the diff it was suggested that it might be fixable via t-p-u.

I've attached a minimal debdiff against the lenny version of devscripts
for consideration.

Thanks,

Adam

diff -Nru devscripts-2.10.35/debian/changelog devscripts-2.10.35/debian/changelog
--- devscripts-2.10.35/debian/changelog 2008-07-26 21:57:49.000000000 +0100
+++ devscripts-2.10.35/debian/changelog 2008-12-12 18:25:06.000000000 +0000
@@ -1,3 +1,12 @@
+devscripts (2.10.35-lenny1) testing; urgency=low
+
+ * debsign: Fix a mktemp call to actually generate unique filenames and
+ avoid blocking forever if the file already exists (for example
+ because a previous attempt to sign had failed during the GPG phase).
+ See Debian bug #508111.
+
+ -- Adam D. Barratt <adam@adam-barratt.org.uk> Fri, 12 Dec 2008 18:19:35 +0000
+
devscripts (2.10.35) unstable; urgency=low
* checkbashisms: Only flag "local x y" and "local foo=bar" when --posix is
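Review bot: the version on the new first line, 2.10.35-lenny1, adds a hyphenated suffix where the entry below it is plain 2.10.35 with no revision part. A hyphen in a Debian version separates the upstream version from the Debian revision, so this reads as revision lenny1 of upstream 2.10.35 rather than as a successor in the same unhyphenated series; 2.10.35lenny1 would stay consistent with the existing entry and still sort above 2.10.35. The entry text could also name what was wrong with the call (the position of the X run in the template, as the debsign.sh hunk shows), which tells a later reader more than "actually generate unique filenames".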
diff -Nru devscripts-2.10.35/scripts/debsign.sh devscripts-2.10.35/scripts/debsign.sh
--- devscripts-2.10.35/scripts/debsign.sh 2008-06-26 19:16:27.000000000 +0100
+++ devscripts-2.10.35/scripts/debsign.sh 2008-12-12 18:26:10.000000000 +0000
@@ -87,7 +87,7 @@
local filename
if ! [ -w "$(dirname "$1")" ]; then
- filename=`mktemp -t "$(basename "$1").XXXXXXXXXX.$2"` || {
+ filename=`mktemp -t "$(basename "$1").$2.XXXXXXXXXX"` || {
echo "$PROGNAME: Unable to create temporary file; aborting" >&2
exit 1
}
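Review bot: the changed mktemp line needs a comment saying that the X run must be the last part of the template, because the only difference between the removed and added lines is whether ".$2" comes after or before XXXXXXXXXX, and nothing in the code stops a later edit from moving the extension back to the end. A one-line note above the call, for example "# X's must be trailing or mktemp will not randomise the name", would do. Note also that the temporary file no longer ends in ".$2"; the hunk does not show how filename is used afterwards, so it is worth confirming that nothing later in the function depends on that extension.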